[ISN] Adobe Reader, Acrobat updates fix 17 critical holes

From: InfoSec News <alerts_at_private>
Date: Wed, 30 Jun 2010 00:25:07 -0500 (CDT)
http://news.cnet.com/8301-27080_3-20009190-245.html

By Elinor Mills
InSecurity Complex
CNet News
June 29, 2010

Adobe on Tuesday released updates for Reader and Acrobat that plug 17 
critical holes, including one being exploited in the wild to take 
control of computers and one that could be used to launch an attack 
using social engineering and PDF files.

Adobe warned about the vulnerability being used in attacks, which also 
affected Flash Player, in early June and plugged the hole in Flash on 
June 10.

Meanwhile, the PDF vulnerability was made public in late March by 
security researcher Didier Stevens, who fashioned a proof-of-concept 
attack that relied on the "/launch" functionality. Another researcher at 
NitroSecurity took advantage of the same flaw to create a 
proof-of-concept attack about a week later.

"We added functionality to block any attempts to launch an executable or 
other harmful objects by default," Adobe's Steve Gottwals, wrote in a 
blog post on Tuesday. "We also altered the way the existing warning 
dialog works to thwart the known social engineering attacks."

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Tue Jun 29 2010 - 22:25:07 PDT

This archive was generated by hypermail 2.2.0 : Tue Jun 29 2010 - 22:32:18 PDT